DevBank and Your Explorer Key

DevBank is an API environment running the full stack of Apiture APIs for the Apiture Developer Portal (Dev Portal).

This sandbox environment exists only for testing purposes—for trying out and learning the Apiture APIs from the Dev Portal or from your own development environment, tools, and test applications. The Get Started page and the Try It feature in the API Reference execute API calls against the DevBank environment.

DevBank is not connected to any real money movement. While you can create accounts via the Account Applications and Accounts APIs, you cannot transfer money into or out of the accounts: they are not real accounts. In addition, no scheduled transfers are processed, and any transaction history is mock data.

The Apiture APIs are deployed in DevBank at

Authentication and Authorization

When you log on to, the Dev Portal coordinates authentication with DevBank, which uses the Dev Portal as the identity server.

The authentication bearer token granted when you log onto the Dev Portal may be used for API calls on DevBank. (See Secure Access for more information about calling Apiture APIs in a secure manner.)

The Apiture APIs will create resources owned by your Dev Portal identity, and the APIs will return only the data associated with your Dev Portal identity. All resources in the APIs are guarded by end-user entitlements. For example, each user can see their accounts, but not other peoples’ accounts. (However, co-owners and authorized signers can see their associated accounts.)

Your DevBank Explorer API Key and Access Token

Your My Account page also shows your Explorer Key (once approved) which you can use as an API Key for API calls. The key and token are both presented as masked data in the Try It blocks. Click the “eye-con” in your My Account page to reveal your Explorer Key and your access token. Copy these values for use outside the Dev Portal, such as in curl or http commands or in Postman or other API testing tools. Your Explorer Key is associated with the client application, Dev Portal.

The Dev Portal automatically inserts your Explorer Key and your access token in the Try It blocks in the API reference or tutorials as the API-Key request header and the Authorization: Bearer <access-token> request header, respectively.

For example, if you reveal your explorer key and access tokens and they have the values 4508485571702fea0e8b and ef0ea4086f04d14d3984c4aefaf7e0aa5c, you can use them in an API call via curl:

# Use bash `read' so your key and token are not saved in shell history:
$ read KEY
$ read TOKEN
$ curl "-HAPI-Key:$KEY" \
       "-HAuthorization: Bearer $TOKEN" \

Your Explorer access token expires every 45 minutes, but the Dev Portal automatically refreshes it if you remain active. If you try an API call with your Explorer Key and token and get a 401 Unauthorized or 403 Forbidden HTTP response code, your may have used an expired access token. Return to your My Account page and copy the most recent access token.

You should treat both the Explorer API key and your access token as secret data. Do not share your key or token with others, embed them in source code, etc.

Generating Sample Data

The Dev Portal My Account page also has a button to allow you to generate sample data to create a new savings account owned by your Dev Portal identity, but created with mock data. The data generation may take a few minutes. After generating data, you should see some data with the getAccounts operation in the Accounts API, the getContacts operation in the Contacts API, and more.

Discoverer Key

If you visit the developer portal without authenticating, the Dev Portal will use a Discoverer API Key and a private access token. These allow visitors to try the APIs without registering or logging in, but have limited permissions. Both of these expire on a regular basis and are presented as masked data in the Try It blocks.